And the password is . . . (so easy to forget)

The number of logins, codes and passwords we’re expected to remember has gone beyond the ridiculous – but help is at hand

There are three kinds of people in this world: those with numerous unique passwords which they meticulously change periodically for security reasons; those with one password for everything; and those with a few they keep confusing and are forever clicking the “forgot password” button.

Dr John Breslin, senior lecturer in Electronic Engineering and researcher with the Insight Centre for Data Analytics at NUI Galway, has 294 different facilities requiring passwords. "I manage a lot of Twitter accounts, about 30 in all, and am involved with a number of boards, conferences and projects," he says. "Remembering all the different codes is impossible so I use a single login system, 1Password."

This one-stop password consolidator is one of many now being used by those with many alphanumeric strings to remember. RoboForm and LastPass are also popular.

While having almost 300 passwords is not the average person’s routine security soiree, most of us still accumulate a sizeable number.

How many can we actually remember and how?

"There are three broad categories of memory: retrospective, semantic and prospective," explains Dr Kate Irving, lecturer in the Department of Nursing and Human Sciences at DCU. She has only one password for almost everything.

“Memory for numbers and passwords is in the semantic category. But even though the number of passwords one must remember is rising, things are also getting increasingly streamlined and simplified. So we’re not asking our brains to remember as many numbers as we used to. Nobody has to try to remember phone numbers anymore because they’re already in the phone.”

If you have difficulty remembering all those numbers and letters, Irving suggests trying this exercise: “If it’s numbers make them into pictures: 0 is a ball, 1 is a pen, 2 is a swan, 3 is like handcuffs, 4 is a sailboat, and so on. I remember numbers and make stories out of the pictures.”

Then again, the brain can also be overused.

“Use it or lose it is a common cliché about the brain which is a completely overly-simplified message,” she says. “There’s a saying, ‘The brain is like a muscle’. No it’s not. If you put yourself under too much stress, it can have a negative impact and the brain will stop trying to remember things altogether.”

The impact of increasingly ubiquitous technology used to organise our lives is both complex and double-edged.

"Certainly, these issues tax human cognitive load in new and demanding ways that prior generations did not have to deal with," says Brad Love, professor of psychology at the University of Texas. "At the same time, of course, these technologies automate so many things we previously had to accomplish in more effortful ways."

“Our brains are like plasticine,” says Irving. “They can be moulded. And the more you practise playing something, the more natural movements become. Your brain actually physiologically changes as a result of the things we do. So if we no longer try and remember numbers, then there’s an element of our semantic memory were not exercising.”

The middle ground

This reporter is getting mixed messages and his brain is in a confused state. The majority of us

will be careful with a few core passwords such as online banking accounts and work email, and then are fairly blasé with the rest, right?

"There is a growing blur between how I distinguish my personal and work passwords," says Prof Alan Smeaton, director of the Insight Centre for Data Analytics at DCU. He has a few passwords which he often forgets. "My bank account is personal, as is my Facebook. My Twitter is half and half. After that they blend into one as to which is work and which is personal. I have quite a few passwords but I can't remember them all. So for those that I only need occasionally, I just hit the 'forgot your password' button and generate a new one.

“Although I was wary at first, I now use Facebook to log in to other services,” he says. “There is often a single Facebook identifier for many websites for convenience and I have started using it. I’ve made the conscious decision to give away information about myself that’s shared there. I know it and accept it and am happy with that. Some don’t realise the consequences though and just do it without thinking.”

There are numerous alternatives to the traditional way of accessing a secure place, some such as fingerprint, voice recognition and iris imaging, are already in operation.

“Biometrics offers lots of new alternatives,” says Breslin. “You could use the heart beat. Each heart beat is composed of a set of complex signals with a unique pattern for each person.”

Smeaton suggests another possibility. “One of the things that’s hasn’t been exploited is our typing habits,” he says. “Everybody has their own typing style. The keyboard could measure the time down and time up of each finger to the nearest millisecond and that could be used as an identifier.”

While the barrage of passwords we’re now responsible for was probably not envisaged 40-odd years ago, there are points as to why alphanumeric passwords are still the way to go.

“Everything can be cracked except something only stored in a person’s head,” says Breslin.

Read More